maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Recommit "[libFuzzer] Fix value-profile-load test." 

value-profile-load.test needs adjustment with a mutator change in
bb54bcf849, which reverted as of now, but will be
recommitted after landing this patch.

This patch makes value-profile-load.test more friendly to (and aware of) the
current value profiling strategy, which is based on the hamming as well as the
absolute distance. To this end, this patch adjusts the set of input values that
trigger an expected crash. More specifically, this patch now uses a single value
0x01effffe as a crashing input, because this value is close to values like
{0x1ffffff, 0xffffff, ...}, which are very likely to be added to the corpus per
the current hamming- and absolute-distance-based value profiling strategy. Note
that previously the crashing input values were {1234567 * {1, 2, ...}, s.t. <
INT_MAX}.

Every byte in the chosen value 0x01effeef is intentionally different; this was
to make it harder to find the value without the intermediate inputs added to the
corpus by the value profiling strategy.

Also note that LoadTest.cpp now uses a narrower condition (Size != 8) for
initial pruning of inputs, effectively preventing libFuzzer from generating
inputs longer than necessary and spending time on mutating such long inputs in
the corpus - a functionality not meant to be tested by this specific test.

Differential Revision: https://reviews.llvm.org/D86247
This commit is contained in:
Dokyung Song 2020-08-19 20:21:05 +00:00
parent 3f8a0ecdaa
commit 52f1df0923
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
compiler-rt/test/fuzzer/LoadTest.cpp
View File

@ -9,15 +9,16 @@
#include <cstring>
#include <iostream>
static volatile int Sink;
const int kArraySize = 1234567;
int array[kArraySize];
static volatile uint8_t Sink;
const int kArraySize = 32505854; // 0x01effffe
uint8_t array[kArraySize];
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size < 8) return 0;
if (Size != 8)
return 0;
uint64_t a = 0;
memcpy(&a, Data, 8);
memcpy(&a, Data, sizeof(a));
a &= 0x1fffffff;
Sink = array[a % (kArraySize + 1)];
return 0;
}

2
compiler-rt/test/fuzzer/value-profile-load.test
View File

@ -1,3 +1,3 @@
CHECK: AddressSanitizer: global-buffer-overflow
RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest
RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
RUN: not %run %t-LoadTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s